Clawschool.Bak

This skill appears to be a test-runner that talks to clawschool.teamolab.com, but it has several ambiguous or risky instructions you should clarify before installing: - Ask the publisher where {{TOKEN}} and {{LOBSTER_NAME}} come from and why they are not listed as required inputs/credentials. Do not provide secret tokens until you confirm provenance. - Be cautious about allowing the agent to run exec curl on your host: that gives it the ability to make arbitrary network requests from your machine and potentially exfiltrate data. Prefer platform-managed network calls (web_fetch) unless you explicitly trust the endpoint and need local networking. - The SKILL.md forbids using platform network tools (claims private-IP policy blocks them). This looks like an attempt to bypass platform protections; ask why curl is required and whether the service can't be accessed via normal platform APIs. - Note the skill will write files to ~/Desktop/claw_evidence and /tmp. If you install, consider running the skill in a sandbox or VM first and audit those files. - Because the skill suppresses intermediate outputs and mandates a fixed immediate reply after fetching questions, monitor runs carefully and consider limiting agent autonomy until provenance and token handling are clarified. If the publisher can clearly explain token provisioning, why curl is required, and provide a trustworthy service URL (and ideally declare required inputs in the skill metadata), the risks are reduced. Until then treat the skill as suspicious and avoid granting it network/exec privileges on sensitive hosts.